suricata
util-profiling-rules.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2012 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Endace Technology Limited.
22  * \author Victor Julien <victor@inliniac.net>
23  *
24  * An API for rule profiling operations.
25  */
26 
27 #include "suricata-common.h"
28 #include "decode.h"
29 #include "detect.h"
30 #include "conf.h"
31 
32 #include "tm-threads.h"
33 
34 #include "util-unittest.h"
35 #include "util-byte.h"
36 #include "util-profiling.h"
37 #include "util-profiling-locks.h"
38 
39 #ifdef PROFILING
40 
41 /**
42  * Extra data for rule profiling.
43  */
44 typedef struct SCProfileData_ {
45  uint32_t sid;
46  uint32_t gid;
47  uint32_t rev;
48  uint64_t checks;
49  uint64_t matches;
50  uint64_t max;
51  uint64_t ticks_match;
52  uint64_t ticks_no_match;
54 
55 typedef struct SCProfileDetectCtx_ {
56  uint32_t size;
57  uint32_t id;
59  pthread_mutex_t data_m;
61 
62 /**
63  * Used for generating the summary data to print.
64  */
65 typedef struct SCProfileSummary_ {
66  uint32_t sid;
67  uint32_t gid;
68  uint32_t rev;
69  uint64_t ticks;
70  double avgticks;
73  uint64_t checks;
74  uint64_t matches;
75  uint64_t max;
76  uint64_t ticks_match;
77  uint64_t ticks_no_match;
79 
80 extern int profiling_output_to_file;
82 static char profiling_file_name[PATH_MAX] = "";
83 static const char *profiling_file_mode = "a";
84 #ifdef HAVE_LIBJANSSON
85 static int profiling_rule_json = 0;
86 #endif
87 
88 /**
89  * Sort orders for dumping profiled rules.
90  */
91 enum {
99 };
100 
101 static int profiling_rules_sort_orders[8] = {
109  -1 };
110 
111 /**
112  * Maximum number of rules to dump.
113  */
114 static uint32_t profiling_rules_limit = UINT32_MAX;
115 
117 {
118 #define SET_ONE(x) { \
119  profiling_rules_sort_orders[0] = (x); \
120  profiling_rules_sort_orders[1] = -1; \
121  }
122 
123  ConfNode *conf;
124  const char *val;
125 
126  conf = ConfGetNode("profiling.rules");
127  if (conf != NULL) {
128  if (ConfNodeChildValueIsTrue(conf, "enabled")) {
130 
131  val = ConfNodeLookupChildValue(conf, "sort");
132  if (val != NULL) {
133  if (strcmp(val, "ticks") == 0) {
135  }
136  else if (strcmp(val, "avgticks") == 0) {
138  }
139  else if (strcmp(val, "avgticks_match") == 0) {
141  }
142  else if (strcmp(val, "avgticks_no_match") == 0) {
144  }
145  else if (strcmp(val, "checks") == 0) {
147  }
148  else if (strcmp(val, "matches") == 0) {
150  }
151  else if (strcmp(val, "maxticks") == 0) {
153  }
154  else {
156  "Invalid profiling sort order: %s", val);
157  exit(EXIT_FAILURE);
158  }
159  }
160 
161  val = ConfNodeLookupChildValue(conf, "limit");
162  if (val != NULL) {
163  if (ByteExtractStringUint32(&profiling_rules_limit, 10,
164  (uint16_t)strlen(val), val) <= 0) {
165  SCLogError(SC_ERR_INVALID_ARGUMENT, "Invalid limit: %s", val);
166  exit(EXIT_FAILURE);
167  }
168  }
169  const char *filename = ConfNodeLookupChildValue(conf, "filename");
170  if (filename != NULL) {
171 
172  const char *log_dir;
173  log_dir = ConfigGetLogDirectory();
174 
175  snprintf(profiling_file_name, sizeof(profiling_file_name),
176  "%s/%s", log_dir, filename);
177 
178  const char *v = ConfNodeLookupChildValue(conf, "append");
179  if (v == NULL || ConfValIsTrue(v)) {
180  profiling_file_mode = "a";
181  } else {
182  profiling_file_mode = "w";
183  }
184 
186  }
187  if (ConfNodeChildValueIsTrue(conf, "json")) {
188 #ifdef HAVE_LIBJANSSON
189  profiling_rule_json = 1;
190 #else
191  SCLogWarning(SC_ERR_NO_JSON_SUPPORT, "no json support compiled in, using plain output");
192 #endif
193  }
194  }
195  }
196 #undef SET_ONE
197 }
198 
199 /**
200  * \brief Qsort comparison function to sort by ticks.
201  */
202 static int
203 SCProfileSummarySortByTicks(const void *a, const void *b)
204 {
205  const SCProfileSummary *s0 = a;
206  const SCProfileSummary *s1 = b;
207  if (s1->ticks == s0->ticks)
208  return 0;
209  else
210  return s0->ticks > s1->ticks ? -1 : 1;
211 }
212 
213 /**
214  * \brief Qsort comparison function to sort by average ticks per match.
215  */
216 static int
217 SCProfileSummarySortByAvgTicksMatch(const void *a, const void *b)
218 {
219  const SCProfileSummary *s0 = a;
220  const SCProfileSummary *s1 = b;
221  if (s1->avgticks_match == s0->avgticks_match)
222  return 0;
223  else
224  return s0->avgticks_match > s1->avgticks_match ? -1 : 1;
225 }
226 
227 /**
228  * \brief Qsort comparison function to sort by average ticks per non match.
229  */
230 static int
231 SCProfileSummarySortByAvgTicksNoMatch(const void *a, const void *b)
232 {
233  const SCProfileSummary *s0 = a;
234  const SCProfileSummary *s1 = b;
235  if (s1->avgticks_no_match == s0->avgticks_no_match)
236  return 0;
237  else
238  return s0->avgticks_no_match > s1->avgticks_no_match ? -1 : 1;
239 }
240 
241 /**
242  * \brief Qsort comparison function to sort by average ticks.
243  */
244 static int
245 SCProfileSummarySortByAvgTicks(const void *a, const void *b)
246 {
247  const SCProfileSummary *s0 = a;
248  const SCProfileSummary *s1 = b;
249  if (s1->avgticks == s0->avgticks)
250  return 0;
251  else
252  return s0->avgticks > s1->avgticks ? -1 : 1;
253 }
254 
255 /**
256  * \brief Qsort comparison function to sort by checks.
257  */
258 static int
259 SCProfileSummarySortByChecks(const void *a, const void *b)
260 {
261  const SCProfileSummary *s0 = a;
262  const SCProfileSummary *s1 = b;
263  if (s1->checks == s0->checks)
264  return 0;
265  else
266  return s0->checks > s1->checks ? -1 : 1;
267 }
268 
269 /**
270  * \brief Qsort comparison function to sort by matches.
271  */
272 static int
273 SCProfileSummarySortByMatches(const void *a, const void *b)
274 {
275  const SCProfileSummary *s0 = a;
276  const SCProfileSummary *s1 = b;
277  if (s1->matches == s0->matches)
278  return 0;
279  else
280  return s0->matches > s1->matches ? -1 : 1;
281 }
282 
283 /**
284  * \brief Qsort comparison function to sort by max ticks.
285  */
286 static int
287 SCProfileSummarySortByMaxTicks(const void *a, const void *b)
288 {
289  const SCProfileSummary *s0 = a;
290  const SCProfileSummary *s1 = b;
291  if (s1->max == s0->max)
292  return 0;
293  else
294  return s0->max > s1->max ? -1 : 1;
295 }
296 
297 #ifdef HAVE_LIBJANSSON
298 
299 static void DumpJson(FILE *fp, SCProfileSummary *summary,
300  uint32_t count, uint64_t total_ticks,
301  const char *sort_desc)
302 {
303  char timebuf[64];
304  uint32_t i;
305  struct timeval tval;
306 
307  json_t *js = json_object();
308  if (js == NULL)
309  return;
310  json_t *jsa = json_array();
311  if (jsa == NULL) {
312  json_decref(js);
313  return;
314  }
315 
316  gettimeofday(&tval, NULL);
317  CreateIsoTimeString(&tval, timebuf, sizeof(timebuf));
318  json_object_set_new(js, "timestamp", json_string(timebuf));
319  json_object_set_new(js, "sort", json_string(sort_desc));
320 
321  for (i = 0; i < MIN(count, profiling_rules_limit); i++) {
322  /* Stop dumping when we hit our first rule with 0 checks. Due
323  * to sorting this will be the beginning of all the rules with
324  * 0 checks. */
325  if (summary[i].checks == 0)
326  break;
327 
328  json_t *jsm = json_object();
329  if (jsm) {
330  json_object_set_new(jsm, "signature_id", json_integer(summary[i].sid));
331  json_object_set_new(jsm, "gid", json_integer(summary[i].gid));
332  json_object_set_new(jsm, "rev", json_integer(summary[i].rev));
333 
334  json_object_set_new(jsm, "checks", json_integer(summary[i].checks));
335  json_object_set_new(jsm, "matches", json_integer(summary[i].matches));
336 
337  json_object_set_new(jsm, "ticks_total", json_integer(summary[i].ticks));
338  json_object_set_new(jsm, "ticks_max", json_integer(summary[i].max));
339  json_object_set_new(jsm, "ticks_avg", json_integer(summary[i].avgticks));
340  json_object_set_new(jsm, "ticks_avg_match", json_integer(summary[i].avgticks_match));
341  json_object_set_new(jsm, "ticks_avg_nomatch", json_integer(summary[i].avgticks_no_match));
342 
343  double percent = (long double)summary[i].ticks /
344  (long double)total_ticks * 100;
345  json_object_set_new(jsm, "percent", json_integer(percent));
346  json_array_append_new(jsa, jsm);
347  }
348  }
349  json_object_set_new(js, "rules", jsa);
350 
351  char *js_s = json_dumps(js,
352  JSON_PRESERVE_ORDER|JSON_COMPACT|JSON_ENSURE_ASCII|
353  JSON_ESCAPE_SLASH);
354 
355  if (unlikely(js_s == NULL))
356  return;
357  fprintf(fp, "%s", js_s);
358  free(js_s);
359  json_decref(js);
360 }
361 
362 #endif /* HAVE_LIBJANSSON */
363 
364 static void DumpText(FILE *fp, SCProfileSummary *summary,
365  uint32_t count, uint64_t total_ticks,
366  const char *sort_desc)
367 {
368  uint32_t i;
369  struct timeval tval;
370  struct tm *tms;
371  gettimeofday(&tval, NULL);
372  struct tm local_tm;
373  tms = SCLocalTime(tval.tv_sec, &local_tm);
374 
375  fprintf(fp, " ----------------------------------------------"
376  "----------------------------\n");
377  fprintf(fp, " Date: %" PRId32 "/%" PRId32 "/%04d -- "
378  "%02d:%02d:%02d.", tms->tm_mon + 1, tms->tm_mday, tms->tm_year + 1900,
379  tms->tm_hour,tms->tm_min, tms->tm_sec);
380  fprintf(fp, " Sorted by: %s.\n", sort_desc);
381  fprintf(fp, " ----------------------------------------------"
382  "----------------------------\n");
383  fprintf(fp, " %-8s %-12s %-8s %-8s %-12s %-6s %-8s %-8s %-11s %-11s %-11s %-11s\n", "Num", "Rule", "Gid", "Rev", "Ticks", "%", "Checks", "Matches", "Max Ticks", "Avg Ticks", "Avg Match", "Avg No Match");
384  fprintf(fp, " -------- "
385  "------------ "
386  "-------- "
387  "-------- "
388  "------------ "
389  "------ "
390  "-------- "
391  "-------- "
392  "----------- "
393  "----------- "
394  "----------- "
395  "-------------- "
396  "\n");
397  for (i = 0; i < MIN(count, profiling_rules_limit); i++) {
398 
399  /* Stop dumping when we hit our first rule with 0 checks. Due
400  * to sorting this will be the beginning of all the rules with
401  * 0 checks. */
402  if (summary[i].checks == 0)
403  break;
404 
405  double percent = (long double)summary[i].ticks /
406  (long double)total_ticks * 100;
407  fprintf(fp,
408  " %-8"PRIu32" %-12u %-8"PRIu32" %-8"PRIu32" %-12"PRIu64" %-6.2f %-8"PRIu64" %-8"PRIu64" %-11"PRIu64" %-11.2f %-11.2f %-11.2f\n",
409  i + 1,
410  summary[i].sid,
411  summary[i].gid,
412  summary[i].rev,
413  summary[i].ticks,
414  percent,
415  summary[i].checks,
416  summary[i].matches,
417  summary[i].max,
418  summary[i].avgticks,
419  summary[i].avgticks_match,
420  summary[i].avgticks_no_match);
421  }
422 
423  fprintf(fp,"\n");
424 }
425 
426 /**
427  * \brief Dump rule profiling information to file
428  *
429  * \param de_ctx The active DetectEngineCtx, used to get at the loaded rules.
430  */
431 static void
432 SCProfilingRuleDump(SCProfileDetectCtx *rules_ctx)
433 {
434  uint32_t i;
435  FILE *fp;
436 
437  if (rules_ctx == NULL)
438  return;
439 
440  if (profiling_output_to_file == 1) {
441  fp = fopen(profiling_file_name, profiling_file_mode);
442 
443  if (fp == NULL) {
444  SCLogError(SC_ERR_FOPEN, "failed to open %s: %s", profiling_file_name,
445  strerror(errno));
446  return;
447  }
448  } else {
449  fp = stdout;
450  }
451 
452  int summary_size = sizeof(SCProfileSummary) * rules_ctx->size;
453  SCProfileSummary *summary = SCMalloc(summary_size);
454  if (unlikely(summary == NULL)) {
455  SCLogError(SC_ERR_MEM_ALLOC, "Error allocating memory for profiling summary");
456  return;
457  }
458 
459  uint32_t count = rules_ctx->size;
460  uint64_t total_ticks = 0;
461 
462  SCLogPerf("Dumping profiling data for %u rules.", count);
463 
464  memset(summary, 0, summary_size);
465  for (i = 0; i < count; i++) {
466  summary[i].sid = rules_ctx->data[i].sid;
467  summary[i].rev = rules_ctx->data[i].rev;
468  summary[i].gid = rules_ctx->data[i].gid;
469 
470  summary[i].ticks = rules_ctx->data[i].ticks_match + rules_ctx->data[i].ticks_no_match;
471  summary[i].checks = rules_ctx->data[i].checks;
472 
473  if (summary[i].ticks > 0) {
474  summary[i].avgticks = (long double)summary[i].ticks / (long double)summary[i].checks;
475  }
476 
477  summary[i].matches = rules_ctx->data[i].matches;
478  summary[i].max = rules_ctx->data[i].max;
479  summary[i].ticks_match = rules_ctx->data[i].ticks_match;
480  summary[i].ticks_no_match = rules_ctx->data[i].ticks_no_match;
481  if (summary[i].ticks_match > 0) {
482  summary[i].avgticks_match = (long double)summary[i].ticks_match /
483  (long double)summary[i].matches;
484  }
485 
486  if (summary[i].ticks_no_match > 0) {
487  summary[i].avgticks_no_match = (long double)summary[i].ticks_no_match /
488  ((long double)summary[i].checks - (long double)summary[i].matches);
489  }
490  total_ticks += summary[i].ticks;
491  }
492 
493  int *order = profiling_rules_sort_orders;
494  while (*order != -1) {
495  const char *sort_desc = NULL;
496  switch (*order) {
498  qsort(summary, count, sizeof(SCProfileSummary),
499  SCProfileSummarySortByTicks);
500  sort_desc = "ticks";
501  break;
503  qsort(summary, count, sizeof(SCProfileSummary),
504  SCProfileSummarySortByAvgTicks);
505  sort_desc = "average ticks";
506  break;
508  qsort(summary, count, sizeof(SCProfileSummary),
509  SCProfileSummarySortByChecks);
510  sort_desc = "number of checks";
511  break;
513  qsort(summary, count, sizeof(SCProfileSummary),
514  SCProfileSummarySortByMatches);
515  sort_desc = "number of matches";
516  break;
518  qsort(summary, count, sizeof(SCProfileSummary),
519  SCProfileSummarySortByMaxTicks);
520  sort_desc = "max ticks";
521  break;
523  qsort(summary, count, sizeof(SCProfileSummary),
524  SCProfileSummarySortByAvgTicksMatch);
525  sort_desc = "average ticks (match)";
526  break;
528  qsort(summary, count, sizeof(SCProfileSummary),
529  SCProfileSummarySortByAvgTicksNoMatch);
530  sort_desc = "average ticks (no match)";
531  break;
532  }
533 #ifdef HAVE_LIBJANSSON
534  if (profiling_rule_json) {
535  DumpJson(fp, summary, count, total_ticks, sort_desc);
536  } else
537 #endif
538  {
539  DumpText(fp, summary, count, total_ticks, sort_desc);
540  }
541  order++;
542  }
543 
544  if (fp != stdout)
545  fclose(fp);
546  SCFree(summary);
547  SCLogPerf("Done dumping profiling data.");
548 }
549 
550 /**
551  * \brief Register a rule profiling counter.
552  *
553  * \retval Returns the ID of the counter on success, 0 on failure.
554  */
555 static uint16_t
556 SCProfilingRegisterRuleCounter(SCProfileDetectCtx *ctx)
557 {
558  ctx->size++;
559  return ctx->id++;
560 }
561 
562 /**
563  * \brief Update a rule counter.
564  *
565  * \param id The ID of this counter.
566  * \param ticks Number of CPU ticks for this rule.
567  * \param match Did the rule match?
568  */
569 void
570 SCProfilingRuleUpdateCounter(DetectEngineThreadCtx *det_ctx, uint16_t id, uint64_t ticks, int match)
571 {
572  if (det_ctx != NULL && det_ctx->rule_perf_data != NULL && det_ctx->rule_perf_data_size > id) {
573  SCProfileData *p = &det_ctx->rule_perf_data[id];
574 
575  p->checks++;
576  p->matches += match;
577  if (ticks > p->max)
578  p->max = ticks;
579  if (match == 1)
580  p->ticks_match += ticks;
581  else
582  p->ticks_no_match += ticks;
583  }
584 }
585 
586 static SCProfileDetectCtx *SCProfilingRuleInitCtx(void)
587 {
589  if (ctx != NULL) {
590  memset(ctx, 0x00, sizeof(SCProfileDetectCtx));
591 
592  if (pthread_mutex_init(&ctx->data_m, NULL) != 0) {
594  "Failed to initialize hash table mutex.");
595  exit(EXIT_FAILURE);
596  }
597  }
598 
599  return ctx;
600 }
601 
603 {
604  if (ctx != NULL) {
605  SCProfilingRuleDump(ctx);
606  if (ctx->data != NULL)
607  SCFree(ctx->data);
608  pthread_mutex_destroy(&ctx->data_m);
609  SCFree(ctx);
610  }
611 }
612 
614 {
615  if (ctx == NULL|| ctx->size == 0)
616  return;
617 
618  SCProfileData *a = SCMalloc(sizeof(SCProfileData) * ctx->size);
619  if (a != NULL) {
620  memset(a, 0x00, sizeof(SCProfileData) * ctx->size);
621 
622  det_ctx->rule_perf_data = a;
623  det_ctx->rule_perf_data_size = ctx->size;
624  }
625 }
626 
627 static void SCProfilingRuleThreadMerge(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx)
628 {
629  if (de_ctx == NULL || de_ctx->profile_ctx == NULL || de_ctx->profile_ctx->data == NULL ||
630  det_ctx == NULL || det_ctx->rule_perf_data == NULL)
631  return;
632 
633  int i;
634  for (i = 0; i < det_ctx->rule_perf_data_size; i++) {
635  de_ctx->profile_ctx->data[i].checks += det_ctx->rule_perf_data[i].checks;
636  de_ctx->profile_ctx->data[i].matches += det_ctx->rule_perf_data[i].matches;
637  de_ctx->profile_ctx->data[i].ticks_match += det_ctx->rule_perf_data[i].ticks_match;
638  de_ctx->profile_ctx->data[i].ticks_no_match += det_ctx->rule_perf_data[i].ticks_no_match;
639  if (det_ctx->rule_perf_data[i].max > de_ctx->profile_ctx->data[i].max)
640  de_ctx->profile_ctx->data[i].max = det_ctx->rule_perf_data[i].max;
641  }
642 }
643 
645 {
646  if (det_ctx == NULL || det_ctx->de_ctx == NULL || det_ctx->rule_perf_data == NULL)
647  return;
648 
649  pthread_mutex_lock(&det_ctx->de_ctx->profile_ctx->data_m);
650  SCProfilingRuleThreadMerge(det_ctx->de_ctx, det_ctx);
651  pthread_mutex_unlock(&det_ctx->de_ctx->profile_ctx->data_m);
652 
653  SCFree(det_ctx->rule_perf_data);
654  det_ctx->rule_perf_data = NULL;
655  det_ctx->rule_perf_data_size = 0;
656 }
657 
658 /**
659  * \brief Register the rule profiling counters.
660  *
661  * \param de_ctx The active DetectEngineCtx, used to get at the loaded rules.
662  */
663 void
665 {
666  if (profiling_rules_enabled == 0)
667  return;
668 
669  de_ctx->profile_ctx = SCProfilingRuleInitCtx();
670  BUG_ON(de_ctx->profile_ctx == NULL);
671 
672  Signature *sig = de_ctx->sig_list;
673  uint32_t count = 0;
674  while (sig != NULL) {
675  sig->profiling_id = SCProfilingRegisterRuleCounter(de_ctx->profile_ctx);
676  sig = sig->next;
677  count++;
678  }
679 
680  if (count > 0) {
681  de_ctx->profile_ctx->data = SCMalloc(sizeof(SCProfileData) * de_ctx->profile_ctx->size);
682  BUG_ON(de_ctx->profile_ctx->data == NULL);
683  memset(de_ctx->profile_ctx->data, 0x00, sizeof(SCProfileData) * de_ctx->profile_ctx->size);
684 
685  sig = de_ctx->sig_list;
686  while (sig != NULL) {
687  de_ctx->profile_ctx->data[sig->profiling_id].sid = sig->id;
688  de_ctx->profile_ctx->data[sig->profiling_id].gid = sig->gid;
689  de_ctx->profile_ctx->data[sig->profiling_id].rev = sig->rev;
690  sig = sig->next;
691  }
692  }
693 
694  SCLogPerf("Registered %"PRIu32" rule profiling counters.", count);
695 }
696 
697 #endif /* PROFILING */
698 
uint16_t profiling_id
Definition: detect.h:538
void SCProfilingRulesGlobalInit(void)
#define BUG_ON(x)
uint32_t id
Definition: detect.h:529
#define unlikely(expr)
Definition: util-optimize.h:35
void SCProfilingRuleThreadCleanup(DetectEngineThreadCtx *det_ctx)
Signature * sig_list
Definition: detect.h:730
#define MIN(x, y)
struct SCProfileData_ * rule_perf_data
Definition: detect.h:1117
int ByteExtractStringUint32(uint32_t *res, int base, uint16_t len, const char *str)
Definition: util-byte.c:244
Signature container.
Definition: detect.h:496
int profiling_rules_enabled
int ConfNodeChildValueIsTrue(const ConfNode *node, const char *key)
Test if a configuration node has a true value.
Definition: conf.c:888
main detection engine ctx
Definition: detect.h:724
const char * ConfNodeLookupChildValue(const ConfNode *node, const char *name)
Lookup the value of a child configuration node by name.
Definition: conf.c:843
void CreateIsoTimeString(const struct timeval *ts, char *str, size_t size)
Definition: util-time.c:179
struct tm * SCLocalTime(time_t timep, struct tm *result)
Definition: util-time.c:232
struct SCProfileDetectCtx_ SCProfileDetectCtx
void SCProfilingRuleThreadSetup(SCProfileDetectCtx *ctx, DetectEngineThreadCtx *det_ctx)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Definition: util-debug.h:294
void SCProfilingRuleDestroyCtx(SCProfileDetectCtx *ctx)
struct SCProfileData_ SCProfileData
struct Signature_ * next
Definition: detect.h:567
uint32_t gid
Definition: detect.h:530
#define SET_ONE(x)
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
Definition: util-debug.h:281
int ConfValIsTrue(const char *val)
Check if a value is true.
Definition: conf.c:566
Definition: conf.h:32
const char * ConfigGetLogDirectory()
Definition: util-conf.c:36
#define SCMalloc(a)
Definition: util-mem.h:166
DetectEngineCtx * de_ctx
Definition: detect.h:1090
struct SCProfileSummary_ SCProfileSummary
#define SCFree(a)
Definition: util-mem.h:228
#define SCLogPerf(...)
Definition: util-debug.h:261
void SCProfilingRuleUpdateCounter(DetectEngineThreadCtx *det_ctx, uint16_t id, uint64_t ticks, int match)
Update a rule counter.
uint32_t rev
Definition: detect.h:531
ConfNode * ConfGetNode(const char *name)
Get a ConfNode by name.
Definition: conf.c:176
struct SCProfileDetectCtx_ * profile_ctx
Definition: detect.h:844
void SCProfilingRuleInitCounters(DetectEngineCtx *de_ctx)
Register the rule profiling counters.
int profiling_output_to_file